TCP availability check
This check tests the ability of the DNS server to respond to queries over TCP for the intended domain.
RFC 5966 states that all general-purpose DNS implementations MUST support both UDP and TCP transport. DNS resolvers and servers typically use TCP whenever they expect a large response packet that runs the risk of being truncated or fragmented.
Event severities and messages
ERROR
Query attempt timed out.
The server timed out as the check tried to establish the connection. This error has two possible causes:
- the DNS server is not configured to allow TCP connections, or
- network equipment like a firewall or IPS drops incoming TCP connections to the DNS server.
Unexpected response from server: {response code}
The DNS server responded with an error code. The error code will most likely indicate the reason.
UNKNOWN
Unable to perform check due to input data failure.
When this message appears, usually one of the queries leading up to the final query has received an empty or garbled response. Please report this through the normal support channel.
Corrupt or malformed response from nameserver.
The check received a query response with unreadable data fields. Please report this through the normal support channel.
The name server can't be reached on its UDP port, so running this check is pointless.
The name server is effectively down. Most DNS queries use UDP as transport and won't fall back to TCP if the UDP port is unreachable.
Solutions, tips & tricks
Make sure that the DNS server is configured to allow TCP queries.
Pay special attention to network security equipment that can be configured to handle (drop/reject/allow) different DNS query types, classes and query options. Make sure that non-recursive DNS queries for the IN class are allowed.
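A minimal reproduction of this check, added here as an example and not the monitoring service's own code: it sends a non-recursive IN-class query over TCP (with the two-byte length prefix DNS uses on TCP) and maps the outcome to the severities listed above. The SOA query type, the function names, the OK result and the "Query attempt failed" message are assumptions.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
MALFORMED = ("UNKNOWN", "Corrupt or malformed response from nameserver.")

def build_query(name, qid=0x1234, qtype=6):
    """Non-recursive (RD=0) query for the IN class; qtype 6 = SOA (assumed type)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def classify(reply, qid=0x1234):
    """Map a raw DNS message (TCP length prefix already removed) to a severity."""
    if len(reply) < 12:                      # shorter than a DNS header
        return MALFORMED
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & 0x8000:     # wrong ID, or QR bit not set
        return MALFORMED
    rcode = flags & 0x000F
    if rcode != 0:
        return ("ERROR", "Unexpected response from server: " + RCODES.get(rcode, str(rcode)))
    return ("OK", "Server answered over TCP.")  # assumed success label

def recv_exact(sock, n):
    """Read up to n bytes; returns fewer only if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def check_tcp(server, name, timeout=5.0):
    query = build_query(name)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            prefix = recv_exact(s, 2)
            if len(prefix) < 2:
                return MALFORMED
            return classify(recv_exact(s, struct.unpack("!H", prefix)[0]))
    except socket.timeout:
        return ("ERROR", "Query attempt timed out.")
    except OSError as exc:                   # e.g. refused; message text is assumed
        return ("ERROR", "Query attempt failed: %s" % exc)
```

Call `check_tcp("<name server address>", "<domain>")` from outside the firewall to see which of the outcomes above the server produces.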